Holovid® Secure Connect


You have a WordPress site and you want to protect it from hackers? This plugin is made for you!

Today, a simple password is no longer enough. Hackers have tools to guess, steal or intercept passwords. Two-factor authentication (2FA) is like adding an extra lock to your door: even if someone finds your key, they cannot get in without the second lock.

Holovid® Secure Connect offers you two ways to protect your site:

  • TOTP mode (temporary code)

A 6-digit code that changes every 30 seconds. You find it in the Holovid® ID app on your phone (or in Google Authenticator, Authy, etc.). You type the code, and you are in. It is the most common system, compatible with all authenticator apps.

  • Secure Connect mode (codeless)

This one is even simpler: you do not type anything at all. A QR Code appears on your WordPress login page, you scan it with the Holovid® ID app, you confirm with a tap on your phone, and you are logged in. Fast, effortless.

But Secure Connect is not just convenient. It protects you against a particularly sneaky category of attacks: proxy phishing (known as “AiTM” attacks, such as Tycoon 2FA or EvilProxy). These attacks create a fake copy of your login page to intercept your TOTP code in real time. With Secure Connect, this technique does not work, because the signature is bound to the real domain of your site.

Both modes can coexist on your site. Each user chooses the one they prefer from their profile.
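To make the TOTP description above concrete, here is an added example (not the plugin's own code) of RFC 6238 code generation and server-side verification with a one-step clock tolerance and replay rejection. The function names are hypothetical, and the secret is passed as raw bytes, whereas authenticator apps exchange it Base32-encoded.

```php
<?php
declare(strict_types=1);

// RFC 6238 TOTP: HMAC-SHA1 over the 30-second step counter, truncated to 6 digits.
function totp_code(string $secret, int $counter, int $digits = 6): string
{
    $hash   = hash_hmac('sha1', pack('J', $counter), $secret, true); // 64-bit big-endian counter
    $offset = ord($hash[19]) & 0x0F;                                  // dynamic truncation (RFC 4226)
    $value  = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched step counter, or null when the code is rejected.
// $lastUsed is the highest counter already accepted for this account, so a
// code that was used once cannot be replayed inside its validity window.
// Note the inputs: secret, code, time. Nothing identifies the page the code
// was typed into, so a code relayed by a proxy verifies like any other.
function totp_verify(string $secret, string $code, int $now, ?int $lastUsed, int $window = 1): ?int
{
    $current = intdiv($now, 30);
    $matched = null;
    for ($c = $current - $window; $c <= $current + $window; $c++) {
        // Constant-time compare; keep looping so timing does not show which step matched.
        if (hash_equals(totp_code($secret, $c), $code) && ($lastUsed === null || $c > $lastUsed)) {
            $matched = $c;
        }
    }
    return $matched;
}

// Constructed sample data: the RFC 6238 test secret and a fixed clock.
$secret = '12345678901234567890';
$now    = 59;
$code   = totp_code($secret, intdiv($now, 30));

$first  = totp_verify($secret, $code, $now, null);       // fresh code
$replay = totp_verify($secret, $code, $now, $first);     // same code submitted again
$late   = totp_verify($secret, $code, $now + 90, null);  // outside the one-step tolerance

printf("code=%s first=%s replay=%s late=%s\n", $code,
    var_export($first, true), var_export($replay, true), var_export($late, true));
```

A caller would persist the returned counter per account and pass it back as `$lastUsed` on the next attempt.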

What makes this plugin different

  • Two levels of protection to choose from: a classic temporary code or a codeless login from your phone.
  • Resistant to proxy phishing: Secure Connect prevents hackers from intercepting your authentication, even if they copy your login page.
  • Nothing leaves your server: TOTP mode works without calling any external service. The QR Code is generated directly by your server, in pure PHP, without going through Google or any other service.
  • Your secrets are encrypted: TOTP keys are protected with AES-256-GCM encryption in your database. Even if the database leaks, they remain unreadable.
  • One device = one account: each WordPress account is linked to a single phone. If someone tries to log in with a different device, the plugin detects it and denies access.
  • Backup codes: in TOTP mode, 10 single-use codes are generated in case you lose your phone.
  • Lightweight and dependency-free: no external library, no third-party service on the TOTP side. The plugin does everything itself.
  • French and English: the interface automatically adapts to your WordPress language.

In a nutshell

|                               | TOTP (temporary code)                   | Secure Connect (codeless)      |
|-------------------------------|-----------------------------------------|--------------------------------|
| How does it work?             | You type a 6-digit code                 | You scan a QR Code and confirm |
| Compatible with other apps?   | Yes (Google Authenticator, Authy, etc.) | No, Holovid® ID only           |
| Works offline?                | Yes                                     | No (requires internet)         |
| Resistant to proxy phishing?  | No                                      | Yes                            |
| Backup codes?                 | Yes (10 codes)                          | No (an admin can deactivate)   |

External services

This plugin connects to the Holovid® ID server for the Secure Connect (codeless) authentication mode. The TOTP mode does not use any external service.

Holovid® ID API (api.holovid.net)

When Secure Connect is enabled, the plugin communicates with the Holovid® ID API hosted in Gravelines, France, in the following situations:

  • Registration: when a user activates Secure Connect, the plugin requests a cryptographic challenge from the API. The site domain name is sent.
  • Login: when a user logs in with Secure Connect, the plugin polls the API to check whether the user has confirmed the authentication on their phone. The challenge nonce and session token are sent.
  • Device verification: when a device change is detected, the plugin checks with the API whether the previous device registration is still active. The account identifier and site domain are sent.
  • Login page: the Secure Connect login page loads a JavaScript SDK from the API server to display the QR Code and handle the authentication flow.

No personal data (name, email, password) is ever sent to the API. Only cryptographic identifiers (nonce, session token, account ID) and the site domain are transmitted.

This service is provided by Holovid SAS (Bergerac, France).

Details

Plugin code: holovid-secure-connect
Plugin version: 1.2.15
Author:
Outdated: No
WP version: 5.8 or higher
PHP version: 7.4 or higher
Test up to WP version: 7.0
Total installations: 0
Last updated: 2026-06-05
Rating:
Times rated: 0
2fa
anti-phishing
authentication
security
two-factor